DNSPT-CSIRT

MissionThe DNSPT-CSIRT has a mission to contribute to a safer and more trustful use of the internet under .PT through coordination and cooperation in the answer to security incidents, promoting the awareness for a security culture in its clients and partners community.

RFC 2350

-----BEGIN PGP SIGNED MESSAGE-----

Hash: SHA256

1. Scope of this document

This describes the DNS.PT response service to security incidents, in accordance with RFC2350. The DNS.PT has as its object the management, operation and maintenance of the top level domain corresponding to Portugal, .PT.

1.1Date of the last update

Version 1.00, 2017-05-05.

1.2Distribuition lists for notifications

The members of the community are informed of the changes made via closed channels.

1.3Access to this document

The up to date version of this document is available at: http://www.dns.pt/pt/csirt/.

The version in English language is available at: http://www.dns.pt/en/csirt/.

1.4 Autenticity of this document

This document was signed with the PGP Key of the DNSPT-CSIRT, available at http://www.dns.pt/pt/dnspt-csirt/.

2.Contact information

2.1Name of the team

DNSPT-CSIRT

2.2Address

DNS.PT

Rua Latino Coelho n.º 13, 5.º Piso

1050-132 Lisboa

Portugal

2.3Time Zone

Portugal/WEST (GMT+0, GMT+1 from April to October)

2.4Telephone

808 20 10 39 ( Portugal only)

+351 211 583 341 (for international calls)

Working days from 08:00 to 20:00 (local time), Saturday and Sunday from 09:00 to 18:00 (local time)

2.5Fax

+351 211 312 720

2.6Other contacts

Facebook: https://www.facebook.com/dns.pt

2.7Electronic mail

To report any security incidents: abuse [@] dns.pt

For other subjects relating to the DNS.PT-CSIRT services: csirt [@] dns.pt

2.8Public keys and cypher information

The DNSPT-CSIRT PGP Key <csirt [@] dns.pt>:

KeyID: BF477898

Fingerprint: 14F16BB71E9702A43459B6833620D149BF477898

2.9Members of the team

DNSPT-CSIRT is operated by:

- Ricardo Pires <ricardo.pires [@] dns.pt>

- Eduardo Duarte <eduardo.duarte [@] dns.pt>

- Inês Esteves <ines.esteves [@] dns.pt>

2.10Other information

Public information in Portuguese about DNSPT-CSIRT can be found at https://www.dns.pt/pt/csirt/.

The version in English language is available at: http://www.dns.pt/en/csirt/.

2.11Means of contact

DNSPT-CSIRT has the following communication channels:

- To report any security incidents: abuse [@] dns.pt

- For other subjects relating to the DNS.PT-CSIRT services: csirt [@] dns.pt

In case it is not possible (or not advisable for security reasons) to use electronic mail, as an alternative means of contact, the following phone numbers can be used:

•Working days from 08:00 to 20:00 (local time), Saturday and Sunday from 09:00 to 18:00 (local time).

3.Script

3.1Mission

The DNSPT-CSIRT has a mission to contribute to a safer and more trustful use of the internet under .PT through coordination and cooperation in the answer to security incidents, promoting the awareness for a security culture in its clients and partners community

3.2The served Community

The DNSPT-CSIRT responds to security incidents in the context of its clients community, registrars and in the scope of the technological infrastructure of the .PT consisting in:

-all the networks within AS199993.

-The .PT name servers in its DNs zone root, available at: https://www.iana.org/domains/root/db/pt.html.

3.3Authority

DNSPT-CSIRT is a service that is part of the DNS.PT and cooperates in responding to security incidents within its community of clients and registrars.

4.Policies

4.1 Types of Incidents and Level of Support

The DNSPT-CSIRT responds to all kinds of security incidents, adopting the classification proposed by the National CSIRTs Network:

•Malicious code

•availability

•Information gathering

•Intrusion attempt

•Intrusion

•Information Security

•Fraud

•Abusive content

•Other

Under normal functioning conditions, the DNSPT-CSIRT proposes to give answer to the incidents above typified in a maximum 24 hours timeline.

The level of support given by DNSPT-CSIRT can vary according with the type and severity of the incident or occurrence identified and the available resources for its treatment.

4.2 Cooperation, interaction and privacy policy

The DNSPT-CSIRT ensures the confidentiality of the received, transmitted or stored communications, within the scope of its activity, establishing in its privacy and data protection policy, that sensitive information can be transmitted to third parties, only and exclusively in case of need and with previous and express authorization from the individual or collective person to whom that information respects to

The DNSPT-CSIRT adheres to the protocol of traffic light protocol (TLP). The messages and/or files directed DNSPT-CSIRT can be classified by having the tag [TLP Color]. In contact by telephone, the TLP classifications should be previously communicated

4.3.Communication and Authentication

Of the communication means made available by DNSPT-CSIRT, the telephone and the non-cyphered electronic mail are deemed sufficient for the transmission of non-sensitive information. To transmit sensitive information it is mandatory the use of the PGP key, which was identified in point 2.8 of this document.

5.Services

5.1Incidents response

The DNSPT-CSIRT ensures, in the scope of its activity, a security incidents response service in the context of its clients and partners community, applying an internal methodology based in international standards and best practices published by referenced and independent entities in this field.

5.1.1Incident Triage

Interpretation, classification and prioritizing of the treatment of the security occurrences.

5.1.2Coordenation of incidents

Analyzes the available information, identifies the causes and, if applicable, contacts the involved entities. The DNSPT-CSIRT cooperates with affected entities facilitating, whenever possible, additional information and the contact with third parties that can collaborate in the security incident resolution.

5.1.3Incidents resolution

In the context of its clients and partners community, it falls to DNSPT-CSIRT to counsel these entities about proper measures to the incident resolution, to accompany the incident resolution process. Interpret data and collect proof, if applicable.

5.2Monitoring

The DNSPT-CSIRT ensures the traffic monitoring within the AS199993 network and also in the .PT name servers.

5.3Proactive Activities

DNSPT-CSIRT offers proactively to its community private mailing-lists and security awareness actions.

6.Incidents form

No forms are defined for filling out.

7.Legal warning

Although all precautions in preparing the information divulged in its communication channels, the DNSPT-CSIRT does not assume any responsibility for errors or omissions, or by damages resulting from the use of that information.

Cookies are small text files that a website, to be visited by the user, puts on your computer or on your mobile device via the internet browser. The placement of cookies help the Web site to recognize your device the next time the user visits.